Archive for the ‘XenApp’ Category

if you got in issue with scrolling in web sites that contain a lot of pictures like Google Pictures than you should try the setting to enable the registry key to enable the h264 deep level compression (System->Registry->ica.wfclient.h264enabled).

Plesase note: You must use Receiver 13 and this settings is currently not available for ARM based Client like the IZ1 or UD2 Multimedia.

maybe you also agree that Adobe Flash content is one of the biggest crap that can be used in a Terminal Server/VDI environment. For example youtube or similar site’s mostly waste expensive Server CPU resources only for watching a “funny” video..

Yeah… One User with one HD Flash Movie use 41% of Server CPU resources!

HTML5 is still not a big deal for most site’s, so how can you handle it?

1) Ban it… Block unwanted traffic with a firewall or proxy. This is highly efficient but will upset the user base and maybe you need it (schools/education), so mostly this option is no deal.

2) Buy more Server.. More or less efficient and very expensive (Hardware, licensing, setup and cooling). No deal!

3) Use solutions like Citrix HDX Flash Redirection… More or less efficient, hard to setup and not 100% compatible, it could be a option but it’s not a real solution.

4) Ban it from the servers… I just setup this for a PoC and it seams to be the most efficient way which is also acceptable for most users. So how is the setup?

a) You need IGEL Linux based devices (LX or OS) based on the x86 architecture to do this.

b) Setup a local Firefox browser session and deploy any Version of the Adobe Flash Player for Linux to it (Browser Plugins in the IGEL Setup).

c) Assign a Hotkey to the Firefox Browser Session like ALT+CTRL+i.

d) Setup a IIS/Webserver on any System that is not already running a IIS/Webserver

e) On the Terminal Server/VDI (i recommend to use the golden Image) site open the hosts file which is located in the Windows/System32/drivers/etc folder and edit it. Now add any Website you want to outsource, point it to the “new” Webserver. Example:

Do not perform this for any Website which is used for “business” uploads/work! Don’t use a DNS Server to apply the configuration, this might also point the Thin Clients to a “wrong” site… Of course you can also add Webradio Website’s, browser based games or what ever you don’t want to see in a Webbrowser on the server backend. But at all.. It’s not a security solution at all, it’s to save resources only!

f) Create a small HTML Website with a short Text like “This site can not be used on a Server/VDI! Please press ALT+CTRL+i to open the local Browser and use ALT+CTRL+TAB to switch between the Browser/Session.” or similar. Make it simple and easy to understand… Now set this HTML Page as default and 404 error page for the new Webserver (d).

g) Let the user test it… If the User enter www.youtube.com the “new” Website will open and point the user how to work with the local Browser.. For the User it looks “very” embedded into the session, not 100% but it will be good enough to watch movies for most of them.

I know this solution is also not a 100% one and it can be bypassed if the User is using the IP. 😉 ..but it’s not a security solution, the User can watch Movies and you have minimized the wasted CPU resource on your backend. It’s easy to control, high compatible and everyone is happy. From my point it’s currently the best way to handle Flash until it will be fully replaced by HTML5 or any other “better” working solution. The performance depends on the User device, a UD5 will better perform than a UD2 but still: A slow client is better than a slow server for most company environments.

Also some more benefit’s.. You can seperate client traffic from your server traffic quite simple, the customer where i suggest this mentioned that they have 10GB or more “flash” streaming traffic (only youtube) per day in the server infrastructure with a little bit more than 300 user’s. You can use it with any Terminal Server/VDI solution but please note: If using VMWare View, Microsoft RemoteFX, Citrix XenDesktop x.x / XenApp 7.5 or any other solution that support real USB redirection don’t setup USB Redirection for Human Interface Devices (HID) because in this case the Mouse and Keyboard can not be used outside the Session (…and with the local Browser).

You can also add other description’s to the created “manual” website, for example for Android press the home button and open the local Browser or similar.

If you have suggestions to improve this solution feel free to give me a mail or add a comment.

in the release notes for the IGEL Firmware 5.03.100 IGEL mentioned that “single” ICA session are not possible with the Citrix Receiver 12/13 for Linux and XenDesktop/XenApp 7.x:

"- ICA sessions created on the IGEL device only work
with Citrix XenApp servers up to version 6.5."

This statement is not really true because in Citrix Terms it means only ICA Sessions based on the Citrix IMA Service (XenDesktop or XenApp 7.5 is using FMA), it is not right for sessions based on a Server IP Address or Hostname where the IMA service is not required/used.

This is also mentioned in the Citrix Edocs in the XenDesktop/XenApp 7.5 Feature description:

Custom ICA files — Custom ICA files were used to enable direct connection from user devices (with the ICA file) to a specific machine. In this release, this feature is disabled by default, but can be enabled for normal usage using a local group or can be used in high-availability mode if the Controller becomes unavailable.

In the ICA Session configuration in the UMS Profile/local Thin Client configuration use only the Server IP/Hostname for the connection (see picture below), if you have more than one Server you need to create seperate profiles for each server and assign the profiles to different clients. Of course this is a “manual” work but you are still able to use the ICA sessions if required, a Citrix Storefront or Webinterface Server is not required in this case. If HA mode is enabled like mentioned also a XenDesktop/XenApp 7.x controller can be offline for a short time period (for example maintenance).

Disadvantage:

1) It will only work in LAN environments.
2) No Load Balancing, the clients will always connect to “one” server or you have to configure “several” ICA sessions per Client.
3) No “roaming” sessions if the User use several Thin Clients and these Clients are connecting to different server.
4) Not really usefull for large environments.

It will work with Citrix Receiver 12 and 13 for Linux but also older Receiver Versions (any OS) should work with it.

iam not sure how long this feature already exists but i should mention it here….

IGEL has included in all current LX/OS Firmware Versions (V4.13.x or V5.01.x to < 5.03.100) a hidden “failback” Switch which can help to bypass issues with the latest included Citrix Receiver Version.

In the current IGEL Firmware 5.02.100 you are able to switch between Citrix Receiver 12.1.8.250715 (default, mentioned in the release notes) and Citrix Receiver 12.1.6.231670 (mentioned nowhere… 🙁 ). I do not unterstand why this is included as a hidden feature because it’s a clear benefit to have this option available.

Switching between these Versions is quite simple, you only need to execute the command /services/ica/bin/switch_ica_fallback. This can be done from a command line/terminal session for tests / troubleshooting or you can execute it during boottime for production. If you want to switch back to the “default” version just execute the command again… Funny right?

If you want to perform the last option open a profile or the local IGEL Setup and browse to System – Firmware Customization – Custom Commands – Desktop Commands and enter the command in the Custom Command Desktop Final field. After this change is done the setting will be active after the next reboot.

Update: This solution is not available in the Firmware 5.03.100, use here the switch in the gui or the registry setting System->Registry->ICA and enable useversion13.

Cheers

Michael

P.S.: It might be that this switch will be removed in later firmware releases..

if you are using the Citrix Receiver together with Apple devices you may have discovered some certificate issues in the last weeks or months.

This means, you have imported a “valid” Certificate but the user is still not able to connect to your Citrix environment. Very common for this issue is the public CA GoDaddy and there are a couple of Admins running into this issue in the last weeks.

The reason for this issue is quite simple, a few CA’s now create all certificates valid after the 01-01-2017 as a SHA2 certificate, this SHA2 certificate is not supported by the Citrix Receiver for Apple OS’s in the moment. See also http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx

Only way to fix this at moment is to use an other certificate type or to wait until Citrix adds the SHA2 support for the Apple/Android/Linux receiver versions.

Cheers
Michael

P.S.: Please refer also to the Citrix Client Feature Matrix mentioned in the previous post.

if you have an issue with disconnecting ICA Session coming with the lates Version of the Citrix Receiver try the following steps:

1) Make sure you have no network issue (use the network tool coming with the IGEL Linux)

2) Disable all not needed redirection features in Sessions->ICA->ICA Global like Printer redirection, Serial Port redirection and so on.

3) Very often it seams to be that this issue is related to Flash (last Flash versions are very unstable, try also an older one on client and also server side) or Multimedia redirection, disable this in the ICA Global settings too.

Please report if this fixed the issue for you and what setting helps most.

Cheers

Michael Hoting

P.S.: If you run in a issue like this, request exact reports what was the last user action before the session drops.

Citrix has released a new Version for the Linux Receiver documentation explaining a couple of settings, the new document is already for the Receiver Version 13 but most settings are similar to Receiver 12 and explaining a lot of useful settings that can be found in the IGEL Setup->System->Registry->ICA->wfclient area.

so often i’ve been asked to use Apple devices like the Iphone, Ipad or Ipod with an (IGEL) Linux based thin client without using (expensive) USB redirection solutions…

Here is our first custom partition sample introducing Apple device support for all Universal Desktop LX/OS (x86) based devices!

Apple devices can be used local, in Microsoft Remote Desktop sevices or Citrix sessions and more. The pack includes also a local running Application (Atunes) which works quite similar to Itunes. Itunes will not recognize the device in a terminal server session but you can use file based Itunes alternatives and access the Apple device file system to copy pictures or what ever!

This solution is tested with various Apple devices (Iphone 4, Iphone 5, Ipod 7gen and Ipad 3)but please note: No one will support it. 😉 A jailbreak is not required… 😀

i would like to introduce the free Online Course CXD-102 “Introducing to XenDesktop 7” from Citrix.

This course is a requirement to visit an instuctor-led XenDesktop 7 course and it also introduces the architecture of XenDesktop7, the product itself and the main know how regarding the major changes compared to XenApp.

You will find the course here: http://training.citrix.com/mod/ctxcatalog/course.php?id=595

CXD-102

If you don’t have an Citrix Account you can create also a Citrix Account for free via the Login Page.

i just got an issue where the user opens a session from an IGEL Linux / Windows PC to a XenApp / XenDesktop environment. This works fine until the user starts a second session in the first session to an other XenDesktop/XenApp environment.

The connection are done thru a Storefront server.

If this issue happens also to you, try the following registry setting in the Server / Desktop the user connects first.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Dazzle]

“WSCReconnectMode”=”0”

Please note: Test in advance, i do not provide any warranty that this will fix the issue at all or for a data loss in case of a wrong impementation. You are fully responsible if you apply this setting!

if you already Setup a XenDesktop 7 Test Environment to test it with you IGEL Thin Clients you should be aware that the current inbuild receiver is not optimized for XenDesktop 7.

For Windows based devices you need Citrix Receiver 4 for Windows and for Linux you need Citrix Receiver 13, last one is still not released by Citrix. For Windows based devices you might be able to upgrade the Receiver by your own but for Linux you have to wait for the official release. See also: http://www.citrix.com/cms/ready/excalibur-overview/faqs/

Why is this important to know, XenDesktop 7 brings a lot of new Features and these Features are mostly not supported by the old Receiver Versions. This can cause Performance, Display or other issues (like no multitouch Support if a touch Screen is used).

So you can Setup your XenDesktop 7 Environments but for your final PoC you should wait for the right Receiver Version. 🙂

Setup also a Lync 2013 Server in your Environment and install the Lync 2013 Client coming with Office 2013 on your XenApp Server(s). Attention: Do not use the Lync Basic Client, it will not work on a Terminal Server (Microsoft and Citrix!). After the Lync 2013 Client Installation is finished make sure to install KB2760512 http://support.microsoft.com/kb/2812461 thru Windows Update or as a direct download. If Lync 2013 Hotfix 2760512 is missing misc issues in the Terminal Server environment can happen if Lync 2013 is used incl. a full Lync 2013 client crash!

In the IGEL Setup browse to Sessions->ICA->ICA Global->Multimedia and enable Multimedia Redirection and HDX Realtime WebCam Redirection. I did enable also HDX Realtime Media Engine at the client but i did not install the Citrix Optimization pack for Lync 2010 on the Server because Lync 2013 is currently not supported by this pack (and Lync 2010 is not supported on Terminal Server by Microsoft) but it was also not really required during my tests to improve the result. Also create a XenApp session or connect thru XenApp/PN (Webinterface).

After i done my setup it works without any issues for me, of course you need a good network without high latency’s. I’ve tested this also in customer WAN networks and mostly it performs quite good, but still this depends on the network quality and you should test it also by your own. So you have no written guarentee from my side!

Be also serious if you change the possible resolutions for HDX Realtime in the IGEL Setup, i’ve discovered some issues if playing to much with different resolutions (hostmmtransport.dll crash on XenApp Server). This is not IGEL related, i was able to reproduce it also with a regular Windows based Laptop as i played with several resolutions; so for your first try check this out in a Lab and not in an production Environment!

I’ve used the internal Webbrowser coming with the IGEL Linux for the connection, in both cases (LAN and WAN) it works like a charm. For my test i’ve used the IGEL Firmware 4.11.100.

…and connected to a session (XenApp 6.5)

If you plan to upgrade your Citrix Environment to CloudGateway this should work for you, so the IGEL Linux based Clients seams to be ready for the new Citrix products. Official i’ve read no confirmation from IGEL about this, so in anyway you should test this to confirm the results. If you discover issues here feel free to contact me.

Update: I forgot, in the screenshots the Desktop Connections to XenApp,XenDesktop and VDI in a Box are missing but i works also fine for me.

Cheers
Michael

P.S.: The old PNAgent Service Site is now called “Legacy” in Citrix products…..

if you’re working with seamless apps in an Citrix Environment it can happen, that sometimes a Window drops behind an other window. For example you are working in Outlook and open a Email and the new email Window appears behind the main Outlook window. For the user it Looks like the session is freezed or similar.

There are a couple of Settings to fix this but the disadvantage: you’re required to test it by your own. Application and environments are working different and there is no general rule how this can be fixed.

Open the IGEL Setup or the UMS Profile and go to System->Registry->ICA->WFCLIENT, here try to modify the following settings:

Regarding the results from the past i would prefer starting with the Settings marked in blue. In advance you should also try to change two settings from the IGEL OS, these settings can be found also in the registry->windowmanager->wm0 and then change:

focusonmap, focushint and/or preventfocusstealing

Also here, different combinations can provide different results depending on the environment.

If everything doesn’t help, try to contact the Software Vendor for your application; a couple of applications are not able to work seamless regarding the fact that they do not handle Windows in the Microsoft way (Application developed in Delphi as examble). Try also if a “Desktop Session” will bypass the issue for the user.

As said, you need to spend some time here and i can’t guarentee that this will fix the issue at all. Please test it serious and don’t roll out a not tested configuration to a bunch of thin clients at once.

Cheers

Michael

P.S.: This can also happen for any Version of the Citrix Receiver for Windows, you can try the same settings here.

very often i’ve been asked how a Citrix or Microsoft RDS fullscreen session can be minimized in an IGEL Universal Desktop LX/OS firmware. By default IGEL has not enabled this but this task is simple to do….

Open the IGEL Setup or the UMS Profile, now go to User Interface->Hotkeys->Commands and select Minimize all Windows… Click on Edit now and activate the hotkey, i prefer CTRL¦ALT and ESC (Write Escape in the Hotkey field to set ESC) but you can also set other combinations of course. Please make sure that your set combination do not conflict with any other Linux or Windows key combination!

Close the Setup or the profile (assign the profile to an Client if not already done) and here you go.

Cheers

Michael

P.S.: One Extension, of course any local Client key mapping do not work if the keyboard is mapped into the session thru “real” USB redirection!

P.S.2: For ICA Sessions it could be required to Setup a second key combination to Stop the direct Keyboard Passthrough, this configuration can be found in the IGEL Setup->System->Registry->ica->wfclient and then configure the following Settings: keypassthroughescapechar and keypassthroughescapeshift. This can be also configured with a profile in the IGEL UMS. If you’re connecting thru the Firefox Browser (Citrix Webinterface) you have to Setup the configuration in the Default.ica file from the Webinterface!